Re: Call for testing: grub 2.12 mantic

2023-07-31 Thread Julian Andres Klode 
On Thu, Jul 27, 2023 at 06:50:34PM +0200, Julian Andres Klode wrote:
> Hello party people,
> 
> grub 2.12~rc1-4~ubuntu1~ppa1 is now available in the Ubuntu
> development PPA for testing, signed with the PPA signing
> key.
> 
> https://launchpad.net/~ubuntu-uefi-team/+archive/ubuntu/ppa/+packages

The final 4ubuntu1 upload has now been signed with production
keys and copied into the mantic-proposed pocket. It may
take a couple hours to show up on your mirror.

This fixes the bug with grub-install not running amongst some
other issues in the 4~ubuntu1~ppa1 PPA upload.
-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Call for testing: grub 2.12 mantic PPA

2023-07-28 Thread Julian Andres Klode 
On Thu, Jul 27, 2023 at 06:50:34PM +0200, Julian Andres Klode wrote:
> Hello party people,
> 
> grub 2.12~rc1-4~ubuntu1~ppa1 is now available in the Ubuntu
> development PPA for testing, signed with the PPA signing
> key.
> 
> https://launchpad.net/~ubuntu-uefi-team/+archive/ubuntu/ppa/+packages
> 
> I have tested booting on my laptop and it's fine, but I've
> specifically not gotten around to any arm64 or riscv64 testing
> or PC BIOS for that matter. Well I booted a kernel in arm64
> qemu.

Addendum:

Please run grub-install manually after the upgrade.

A refactoring of the postinst moved a variable access too far
up before it was defined so it tried to check for the wrong thing
to see if it should install.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Call for testing: grub 2.12 mantic PPA

2023-07-27 Thread Julian Andres Klode 
Hello party people,

grub 2.12~rc1-4~ubuntu1~ppa1 is now available in the Ubuntu
development PPA for testing, signed with the PPA signing
key.

https://launchpad.net/~ubuntu-uefi-team/+archive/ubuntu/ppa/+packages

I have tested booting on my laptop and it's fine, but I've
specifically not gotten around to any arm64 or riscv64 testing
or PC BIOS for that matter. Well I booted a kernel in arm64
qemu.

To test on a secure boot enabled machine, you have two
options:

1. Enroll the signing key using

$ wget 
https://ppa.launchpadcontent.net/ubuntu-uefi-team/ppa/ubuntu/dists/mantic/main/uefi/grub2-amd64/2.12~rc1-4~ubuntu1~ppa1/control/uefi.crt
$ openssl x509 -in uefi.crt -out uefi.der -outform DER
$ sudo mokutil --import uefi.der

2. Just install it and enroll the specific binary by its hash. To
   do so, at boot after you get a seucrity violation, MokManager
   pops up and presents a menu.

   Select to enroll a hash, and navigate to EFI/ubuntu/grubx64.efi
   on your EFI system partition and enroll it.

I plan to do some more cleanup and release the -4 to Debian, and
have the final version go to mantic-proposed during the first half
of next week if signing works out and machines boot :)

Probably we'll then go tag it block-proposed for yet some more
time so we can do some more testing with signed binaries, but
have it in the archive to ease testing.

Known issues:

- Several UEFI networking patches have not yet been rebased to the
  new APIs in 2.12. Sadly the patches were not merged upstream when
  they were submitted :(

- Kernels older than 5.8 will not boot in full UEFI mode on
  amd64, but use the legacy entry points used by BIOS.

  This is because we are switching from the Red Hat loading
  code to the upstream loading code in our effort to make bold
  changes to be the first. OK realistically to get rid of a 20
  patch stack and 3 separate loader implementations.

  I have plans for a better workaround on x86, and the wonderful
  Ard Biesheuvel has backported the EFI stub with LoadFile2 support
  to the 5.4 kernel which we might want to pick for 20.04.

- Measurement changes may require followup changes to TPM
  sealing calculations, but not sure there are any

- Software

- The GRUB_FLAVOUR_ORDER feature used by OEM images is not yet
  supported. Support will be reinstated later this cycle to
  early next cycle. 

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel